Machine Politics: The Man Who Started the Hacker Wars:
By David Kushner
The New Yorker Magazine
May 7, 2012
Summary by John McBride
George Hotz was only seventeen-year’s old when he hacked Apple’s I-Phone in 2007. He removed the back of the phone with a Phillips-head screwdriver and zapped the baseboard processer by soldering a wire to the chip and running voltage through it. This scrambled the code used by the component. He then wrote a program on his personal computer that enabled the phone to work with any wireless phone carrier. Afterwards, he posted an announcement of his discovery on You-tube. Apple never officially acknowledged Hotz’s success at hacking the I-Phone; but Steve Wozniak, the co-founder of Apple, sent an e-mail congratulating him. Not too long after, Apple’s sometime competitor, Google, offered Hotz an internship but he soon grew dissatisfied with the monotony of the assignment. Some might say hacking was in his blood. Next Hotz set his sights on Sony’s Playstation 3, and in a similar way to how he modified the I-Phone, he hacked a console by dismantling it and zapping a component called the hypervisor. Again he wrote a script to command the machine to grant him the access rights he desired. Unlike Apple, Sony retaliated. A California district court granted a restraining order request issued by Sony. It meant that Hotz was barred from both tampering with devices made by Sony and sharing information with others on how to modify those same devices. Sony’s lawyers also subpoenaed information from Hotz’s ISP, his twitter account, his Google account, and his Youtube account. Some say Sony crossed the line when it succeeded in obtaining the addresses of individuals who downloaded Hotz’s instructions for hacking the Sony PS3. By going after him, personally, Sony elevated Hotz to the status of martyr for the digital rights cause. By going after the addresses of other hackers they gave his supporters cause to rally. Thus the backlash began. The secret association of hackers known as Anonymous came to Hotz’s defense. On April 4th, 2011 they launched a denial of service attack that brought down Sony.com and Playstation.com. Then on April 11th Sony came to an agreement with Hotz, who would not face criminal charges, but agreed to a permanent injunction from hacking Sony devices. But the hacker attacks against Sony did not end. On April 19th, hackers had penetrated Sony’s IT security and obtained sensitive information belonging to PSN subscribers, possibly including credit card information. “Security experts called it one of the biggest data breaches of all time.” Sony decided to keep its PSN down indefinitely until it beefed up security. It was costing the company ten million dollars a week in forgone revenue. The attacks continued. On May 1st, twenty-four million personal accounts on Sony Online Entertainment service were hacked. As a result some network services were down two weeks while Sony investigated. Finally, on June, 2nd LulzSec, a splinter group of Anonymous hacked Sony Pictures’ web site, obtaining passwords of site users. Despite the hacker wars that erupted--later Nintendo, Electronic Arts, News Corporation, and others were hacked--Hotz never participated in or directly condoned the attacks. In fact, Hotz never made any contact with members of Anonymous or Lulzsec. He also didn’t let the Sony fiasco break his stride; he accepted a full time position with Facebook but quit after eight months. Anonymous did not fare as well. In March, 2012 the US Attorney’s office indicted six hackers from Anonymous and Lulzsec.
Controls: Hardware: I spoke to a desktop support specialist at my office who is a “techie”. He told me that Apple and Sony might have been able to use HAL, Hardware Abstraction Layer tecnology and redundant chips to protect the I-Phone and Sony Play Station Three, respectively, from being hacked. A HAL uses an algorithm to count the number of chips or components. If the chip is changed, this changes how it is counted by the algorithm. Apple and Sony can then restrict privileges based on the alteration. A redundant chip uses a similar methodology. If the original chip is scrambled then the redundant chip won’t match the scrambled chip and privileges can be revoked. If the hacker tries to scramble the redundant chip it still won’t match the original scrambled chip because scrambling produces random results. Software: Sony stored passwords in plaintext, rather than encrypting the codes by hashing them. If Sony used strong hashing algorithms such as Sha-512 to hash the passwords it stored it could have prevented the hackers from reading the stolen passwords. Salting (adding random prefixes and suffixes) hashes also makes them more secure. Sony also did not have measures in place to stop an SQL Injection that hackers used to gain access to the Sony Pictures Site. Two broad ways to stop SQL injections are the following: do not allow dynamic database queries and do not allow user input in queries.
Sony: In response, Sony went on to create a brand new corporate executive position to oversee its global information security and privacy, and in May of 2011, it invited Hotz to come meet with some of its engineers. For an hour he showed the engineers how he had hacked the Play Station 3. This was a bold move by Sony. However, it allowed Sony engineers a valuable opportunity to obtain insight from someone who successfully reversed engineered the product they designed and built.
George Hotz: George Hotz is a technical hacker. He had completed an internship at Google and worked briefly as a designer at Facebook. He also was competent enough to write code that would work with both the Apple operating system and the Play Station 3 operating system. He was way above Chris Haney, the hacker from my other “Security in the News” posting who broke into more than fifty celebrity e-mail accounts; Hotz was knowledgeable with regards to the physical workings of computer technology: using a soldering iron and electrical current to manipulate hardware components such as silicon chips. Whereas Chris Haney was a “Script Kiddie” who many think just got lucky, in many ways George Hotz embodies the pioneer spirit of computer hackers. When asked why he hacks, Hotz replies in the article: “I hack because I’m bored.”
By David Kushner
The New Yorker Magazine
May 7, 2012
Summary by John McBride
George Hotz was only seventeen-year’s old when he hacked Apple’s I-Phone in 2007. He removed the back of the phone with a Phillips-head screwdriver and zapped the baseboard processer by soldering a wire to the chip and running voltage through it. This scrambled the code used by the component. He then wrote a program on his personal computer that enabled the phone to work with any wireless phone carrier. Afterwards, he posted an announcement of his discovery on You-tube. Apple never officially acknowledged Hotz’s success at hacking the I-Phone; but Steve Wozniak, the co-founder of Apple, sent an e-mail congratulating him. Not too long after, Apple’s sometime competitor, Google, offered Hotz an internship but he soon grew dissatisfied with the monotony of the assignment. Some might say hacking was in his blood. Next Hotz set his sights on Sony’s Playstation 3, and in a similar way to how he modified the I-Phone, he hacked a console by dismantling it and zapping a component called the hypervisor. Again he wrote a script to command the machine to grant him the access rights he desired. Unlike Apple, Sony retaliated. A California district court granted a restraining order request issued by Sony. It meant that Hotz was barred from both tampering with devices made by Sony and sharing information with others on how to modify those same devices. Sony’s lawyers also subpoenaed information from Hotz’s ISP, his twitter account, his Google account, and his Youtube account. Some say Sony crossed the line when it succeeded in obtaining the addresses of individuals who downloaded Hotz’s instructions for hacking the Sony PS3. By going after him, personally, Sony elevated Hotz to the status of martyr for the digital rights cause. By going after the addresses of other hackers they gave his supporters cause to rally. Thus the backlash began. The secret association of hackers known as Anonymous came to Hotz’s defense. On April 4th, 2011 they launched a denial of service attack that brought down Sony.com and Playstation.com. Then on April 11th Sony came to an agreement with Hotz, who would not face criminal charges, but agreed to a permanent injunction from hacking Sony devices. But the hacker attacks against Sony did not end. On April 19th, hackers had penetrated Sony’s IT security and obtained sensitive information belonging to PSN subscribers, possibly including credit card information. “Security experts called it one of the biggest data breaches of all time.” Sony decided to keep its PSN down indefinitely until it beefed up security. It was costing the company ten million dollars a week in forgone revenue. The attacks continued. On May 1st, twenty-four million personal accounts on Sony Online Entertainment service were hacked. As a result some network services were down two weeks while Sony investigated. Finally, on June, 2nd LulzSec, a splinter group of Anonymous hacked Sony Pictures’ web site, obtaining passwords of site users. Despite the hacker wars that erupted--later Nintendo, Electronic Arts, News Corporation, and others were hacked--Hotz never participated in or directly condoned the attacks. In fact, Hotz never made any contact with members of Anonymous or Lulzsec. He also didn’t let the Sony fiasco break his stride; he accepted a full time position with Facebook but quit after eight months. Anonymous did not fare as well. In March, 2012 the US Attorney’s office indicted six hackers from Anonymous and Lulzsec.
Controls:
Hardware:
I spoke to a desktop support specialist at my office who is a “techie”. He told me that Apple and Sony might have been able to use HAL, Hardware Abstraction Layer tecnology and redundant chips to protect the I-Phone and Sony Play Station Three, respectively, from being hacked. A HAL uses an algorithm to count the number of chips or components. If the chip is changed, this changes how it is counted by the algorithm. Apple and Sony can then restrict privileges based on the alteration. A redundant chip uses a similar methodology. If the original chip is scrambled then the redundant chip won’t match the scrambled chip and privileges can be revoked. If the hacker tries to scramble the redundant chip it still won’t match the original scrambled chip because scrambling produces random results.
Software:
Sony stored passwords in plaintext, rather than encrypting the codes by hashing them. If Sony used strong hashing algorithms such as Sha-512 to hash the passwords it stored it could have prevented the hackers from reading the stolen passwords. Salting (adding random prefixes and suffixes) hashes also makes them more secure. Sony also did not have measures in place to stop an SQL Injection that hackers used to gain access to the Sony Pictures Site. Two broad ways to stop SQL injections are the following: do not allow dynamic database queries and do not allow user input in queries.
Sony:
In response, Sony went on to create a brand new corporate executive position to oversee its global information security and privacy, and in May of 2011, it invited Hotz to come meet with some of its engineers. For an hour he showed the engineers how he had hacked the Play Station 3. This was a bold move by Sony. However, it allowed Sony engineers a valuable opportunity to obtain insight from someone who successfully reversed engineered the product they designed and built.
George Hotz:
George Hotz is a technical hacker. He had completed an internship at Google and worked briefly as a designer at Facebook. He also was competent enough to write code that would work with both the Apple operating system and the Play Station 3 operating system. He was way above Chris Haney, the hacker from my other “Security in the News” posting who broke into more than fifty celebrity e-mail accounts; Hotz was knowledgeable with regards to the physical workings of computer technology: using a soldering iron and electrical current to manipulate hardware components such as silicon chips. Whereas Chris Haney was a “Script Kiddie” who many think just got lucky, in many ways George Hotz embodies the pioneer spirit of computer hackers. When asked why he hacks, Hotz replies in the article: “I hack because I’m bored.”
2nd article: 10/10